CVE-2025-53941

Published Jul 17, 2025

Last updated a day ago

CVSS medium 6.1

Overview

Description
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2025-53941 Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted… https://t.co/YPzbEIqxxb

    @CVEnew

    17 Jul 2025

    278 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.